
If you work in the medical field, I'm sure you have heard of HIPAA. And if you own a medical facility, I'm sure one of your worst nightmares is having to explain a security breach. Because we all know 80% of independent clinics and providers use at least one of the following free services. And yes, we know you will say "we don't use them to exchange PHI".

The reality is, it would be tough to prove you have been diligent enough to prevent any PHI from leaking to any of these free services, especially when a full team relies on them on a daily basis. Now please don't panic. As IT consultants, we want to shed some light on your HIPAA nightmares by giving a few examples of how easily and quickly you can exchange each one of those products for affordable compliant services:


All in One

Microsoft is one of the few cloud services providers that offers integration of all their services in affordable plans.

Ditch Gmail, get Exchange Online:

Exchange Online can be HIPAA compliant*

You can manage your email, contacts, tasks and calendar from a single interface on your desktop (using Microsoft Outlook) or in a secure web browser

Compatible with all your smartphones and tablets

Business plans integrate user collaboration

Ditch Evernote, get OneNote:

OneNote can be HIPAA compliant*

Keeping your notes on premises or in the cloud is your choice, not the service's choice

It accepts multiple users and keeps track of edited forms and users

You can store your notes on your own server and back them up with your normal server backups.

Your server security policies are applied to your notes

Ditch Dropbox and Google Drive, get OneDrive:

OneDrive can be HIPAA compliant*

With an affordable business plan you get 1TB of storage (500 times more storage than Dropbox free)

Host online meetings with coworkers and even patients through encrypted live connections.

Choose iEple as your IT Provider

We hope this information is valuable to you, and we want to assist with your security and compliance plan. Please contact us for a FREE, no-obligation business inspection so we can help you cover all your IT needs and keep you in control of your IT budget.

* When we say "can be compliant", we mean that Microsoft Office 365 offers to sign a Business Associate Agreement, which helps prove compliance of your apps when they are deployed within the best practice guidelines of both the regulating entity and the service provider.

** iEple never recommends submitting any PHI information through email or third-party applications; however, it recognizes that some cloud service providers make Business Associate Agreements in which they describe which ways are safe for data transfer and online communications.

If OneNote is okay, and OneDrive is okay, why back up OneNote on your personal server? Why not back it up to OneDrive, which is what it does naturally? Is OneNote attached to OneDrive not secure somehow?

Thank you for participating. In our experience we have stored OneNote files on local servers so the permissions are subject to the Server Group Policy rules; giving the opportunity to allow employees access to company or medical practice OneNote files and make them accountable using Group Policy Management and local auditing.

Usage of OneDrive to store OneNote files should be compliant as well, assuming all OneDrive and OneNote users are members of an Office365 account that has a Business Associate Agreement endorsed by Microsoft. Yet auditing and tracking may not be as immediate as it would be on Active Directory.

I hope this clarifies your concern. Please reply with any questions or concerns.

Thank you again for participating and sharing your thoughts.


lisa pontbriand

9/30/2016 08:32:47 am

How does one sign a business associate agreement? So, if I am using OneNote, it is not technically HIPAA compliant at the moment? Please show steps of what to do.